Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp77124imu;
        Fri, 14 Dec 2018 14:48:57 -0800 (PST)
X-Google-Smtp-Source: AFSGD/WBNlNFKCUJoA76JQPG6AfvOGDTUCm8Qz+Eb22C28KvhVhTWx+22CnkdLnYh1K4StXANmsw
X-Received: by 2002:a62:9913:: with SMTP id d19mr4536277pfe.107.1544827737874;
        Fri, 14 Dec 2018 14:48:57 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544827737; cv=none;
        d=google.com; s=arc-20160816;
        b=kx1mtuqHqslqDPdJmKG+EvrBjiTnwabDr+XxcrDw1Tw3rJbEH9Gd1PpeyioeT9dqiI
         AYIPUOpDlVpgK+8ZlrrZlyASmLYhsAl/glGbyC7BhwKa8rGrydPWsNx5r6f8yY4knTQY
         QG3YWaV1oDyHN3kuI4/RqhIGUrPhP3/usQU/0uONgYrZEGir6mSMkWkvzeZvff4om7zC
         tHxc93e2XU/Gw4nruUQbm3oFovvQSrMj8BXgBt8EMXbHZ16yQa+msAYUnpSaFABdcXA4
         SrE8tjUTHfLCe6x/12wv91Cwutjg8rqavMVpcCSFqLJENUWvbha+OhDIWvT+p89cGzLo
         U6IA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature;
        bh=+sVeExr61Mq3L3NYAB+pagTiCuo2PfKJ9Dk8LO8Wc1Y=;
        b=mx3DNQ+oMHHXUvMvnKnQek7++/bkPo5QOzri029riKpVYfOwPAVMGu9WLsKXj/lc61
         dbLOBoRN1wW8Oe3LgwurKem68JchXZMeP5ujyil9Xga9igI3sQmhU/NumaItI8YolChX
         GoKHZf7YPC0cUhhWPuCAgkkrk5CMM6sGFFmfkk416UGplyOHouMar/SVku8ZLMUyJyEb
         66QYxt1Hm/KxcvqurTKuecoSTrCSCJAKmmlySj1zZlGjEs0UiumbPKH0dsF7UzzMhZrJ
         VNaknFt3ibzS/FGbwwePPF+XcX5dsAD01J+Y9QvcykKcZK6uTutbALDzRA6hgruZL7aL
         AdQg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=TLVuo4IU;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e4si4956141pgk.127.2018.12.14.14.48.42;
        Fri, 14 Dec 2018 14:48:57 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=TLVuo4IU;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730145AbeLNWrx (ORCPT <rfc822;zjuysxie86@gmail.com>
        + 99 others); Fri, 14 Dec 2018 17:47:53 -0500
Received: from mail-pg1-f194.google.com ([209.85.215.194]:35862 "EHLO
        mail-pg1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1729341AbeLNWrx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 14 Dec 2018 17:47:53 -0500
Received: by mail-pg1-f194.google.com with SMTP id n2so3327405pgm.3;
        Fri, 14 Dec 2018 14:47:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=+sVeExr61Mq3L3NYAB+pagTiCuo2PfKJ9Dk8LO8Wc1Y=;
        b=TLVuo4IUnJfZh1r5l5l866Ynkcmx6i1y6MtYGhdhM4ouTi9WQHurmlMRQL6goJ8gwx
         v+woPrpWn0rySugQDvtO/IUtm3iVhR7AHKvmxNMH+SEI5K/j6YvBXw/xxK44xnQ30dUi
         sH5ASBxGboDVPKuJ87nqDzfBmw1s8DGcSMVX/aaumXKnar2GiJN8CkrU5Wq8b0qfVfuc
         Cl3fp+n+eM9wNAeI72jCcKYqNPYpgPyk5K4c/nj3HUWV2WzKAHyyccRpoW8RNeDfkJ8t
         IJD0u2BblxmBKT21m+2tKu0DmzW97eWVtQskd/0bSBYDvc9WdKaeZNqkzLgRY839Q12E
         pRoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=+sVeExr61Mq3L3NYAB+pagTiCuo2PfKJ9Dk8LO8Wc1Y=;
        b=QzGfo87pmEIhlzexC9ZogifshlXnFJrH2pJEHFeDIpt+seYI/ttu9eV75H/t8A3FXr
         tt4cbLldqS/NGFPkSZHrcDT+CvaWsfiaj7n/AKnnB+6RPyrc8jxaVnBTH3/kZhOygyYo
         Bto8E61heJh0KVEVywOJwaf8xbtvqtk3dmqEwWOat6HDzXBTXJjFgQfFW54dENYiMC8C
         a0IfokbsUED9g6pcXC7CrKMHkuPuAyUp0mTXTvCYp8bDG8spYQCJ1hepRGjypvhlcZOB
         4BU9Ag+l9cbfXcQUR0bh/d2FpDAfjA1b07YwuAIycOqB4mktkXsMr3NwPcp8RzV922Zu
         pxrA==
X-Gm-Message-State: AA+aEWbD52TTv59P2kOBwb7gLDViLSiJv/8IbQcU9r1jTi49uwbyzXTu
        Mruq4cDXzk1iW580OuFpRGw=
X-Received: by 2002:a62:7dcb:: with SMTP id y194mr4574593pfc.113.1544827672290;
        Fri, 14 Dec 2018 14:47:52 -0800 (PST)
Received: from [192.168.1.70] (c-24-6-192-50.hsd1.ca.comcast.net. [24.6.192.50])
        by smtp.gmail.com with ESMTPSA id u69sm13416584pfj.116.2018.12.14.14.47.51
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 14 Dec 2018 14:47:51 -0800 (PST)
Subject: Re: [PATCH 1/2] of: of_node_get()/of_node_put() nodes held in phandle
 cache
To:     Rob Herring <robh+dt@kernel.org>
Cc:     mwb@linux.vnet.ibm.com,
        linuxppc-dev <linuxppc-dev@lists.ozlabs.org>,
        Michael Ellerman <mpe@ellerman.id.au>,
        Tyrel Datwyler <tyreld@linux.vnet.ibm.com>,
        tlfalcon@linux.vnet.ibm.com, minkim@us.ibm.com,
        devicetree@vger.kernel.org,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Frank Rowand <frowand.list@gmail.com>
References: <1544769771-5468-1-git-send-email-frowand.list@gmail.com>
 <1544769771-5468-2-git-send-email-frowand.list@gmail.com>
 <CAL_JsqKn8RpRmk7OQB9nEM6nZMfdyjgomqMqLU=u+q2qUzQQCg@mail.gmail.com>
From:   Frank Rowand <frowand.list@gmail.com>
Message-ID: <35cab334-0856-44e1-b18e-22668011b429@gmail.com>
Date:   Fri, 14 Dec 2018 14:47:50 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <CAL_JsqKn8RpRmk7OQB9nEM6nZMfdyjgomqMqLU=u+q2qUzQQCg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 12/14/18 9:15 AM, Rob Herring wrote:
> On Fri, Dec 14, 2018 at 12:43 AM <frowand.list@gmail.com> wrote:
>>
>> From: Frank Rowand <frank.rowand@sony.com>
>>
>> The phandle cache contains struct device_node pointers.  The refcount
>> of the pointers was not incremented while in the cache, allowing use
>> after free error after kfree() of the node.  Add the proper increment
>> and decrement of the use count.
> 
> Since we pre-populate the cache at boot, all the nodes will have a ref
> count and will never be freed unless we happen to repopulate the whole
> cache. That doesn't seem ideal. The node pointer is not "in use" just
> because it is in the cache.
> 
> Rob
> 

This patch also adds of_node_put() so that the refcount will go to zero
when the node is removed as part of an overlay remove, if the node was
added by an overlay.

Patch 2/2 adds the free cache entry call to __of_detach_node(), so the
refcount will go to zero when the node is removed for dynamic use cases
other than overlays.  (For overlays, all nodes are instead removed from
the cache before __of_detach_node() is called.)

-Frank